Office365 autodiscover.xml returns 403 Forbidden
I'm working on a simple benchmark script that requires information provided by https://outlook.office365.com/autodiscover/autodiscover.xml. I am using basic authentication with my outlook.com email credentials and it works fine when testing from my computer.
When I shared the script with my colleague (using the same credentials) he was getting a 403 Forbidden response for the request. After some trial and error, it seems like the script is working from multiple different networks inside my country but as soon as I run it from a different country, I get the 403 Forbidden. Since this is a benchmark script it is essential I use the same credentials.
I cannot get any information as to what might cause the issue, given that the script is always the same, I suspect this could be a security feature preventing a user to authenticate from different countries, but I was unable to find any documentation or even mention of it.
Does anyone have an idea what might be causing the 403?
I found the answer. When a request against autodiscover.xml and other APIs is sent from a country/region that has no previous logins through the website, API requests are responded with 403 Forbidden and marked as Unusual activity in Activity log:
After logging in to the account using the browser from that country/region API requests started to work in a few minutes. At this point, I don't know for how long the country/region will be whitelisted before I will have to redo a manual login.
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- EWS Managed API Authentication with Exchange on premise (NTLM)
- Programmatically Assign Exchange Roles to a Group in Azure AD using Microsoft Graph API
- How to set up an (Azure) OAuth2 application for personal Outlook.com accounts (Exchange) for usage with exchangelib?
- Symfony Mailer with Exchange
- Convert HTML to Plain Text?
- How to get values from enumeration created from ExchangeManagement Shell
- Which SMTP sever to send Java Mail to when the server is cloud-based?
- Exchange server doesn't accept store command without explictely selecting the inbox
- Python exchangelib recurrence events
- getting autodiscover URL from Exchange email address
- GetExchangeUser() returns null when Outlook 2016 uses Cached Exchange Mode
- What is difference between commands Disable-MailUser and Disable-Mailbox in MS Exchange
- Get-MgGroupMember by display name instead of userID
- What are the symbols used in Binance's dapi (coin futures api)?
- Reading e-mails from Outlook with Python through MAPI
- How unique is mails conversation index property of the email
- Using EXO TotalItemSize with -gt in Powershell - inaccurate for some mailbox sizes
- How to Get the Current User's Email Address in a Windows Office Network Using C#
- Connect-ExchangeOnline with German 0365 cloud always times out
- Can I use NOT or 'only if' in Exchange message rules?
- MAPI cannot read all entries of the global address list (GAL) anymore in Exchange Online since January 2024
- Microsoft Graph API - "Decline event" call fails
- EWS Streaming Subscription with Exchange Online
- Exchange Web Services: Unsubscribe from Events
- Can there be multiple DKIM and SPF records on one domain (alongside Microsoft Exchange hosted email)?
- Fast Transfer Stream Parser EWS Export Items
- In Exchange 2019 on-prem, how do I configure send connectors to disable DNS lookups?
- Is there a method to set the replyTo header of an email using Exchange Web Service (EWS)?
- Connecting to EWS using VBA - Retrieve data using GET call via XML